blog.up-link.ro android bsd linux unix & open-source world

4 Feb 2012

FreeBSD: How to set up an UPnP Internet Gateway Device (IGD) with MiniUPnP and FreeBSD 9.0

Universal Plug and Play (UPnP) is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi access points and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.

The MiniUPnP project offers software which supports the UPnP Internet Gateway Device (IGD) specifications.

For the purposes of this article I'll assume you're familiar with setting up NAT under FreeBSD using OpenBSD Packet Filter. I'll also assume that your machine is up, routing and translating traffic correctly and is protected by OpenBSD Packet Filter (PF).

16 Oct 2010

SSH Security: How To Block SSH Brute Force Attacks with SSHGuard

SSHGuard monitors logging activity and reacts to attacks by blocking their source IP addresses. SSHGuard was created to protect SSH servers from today's widespread brute-force attacks, and has evolved into an extensible log supervisor that blocks attacks against applications in real time.

SSHGuard receives log messages on its standard input. Using a parser, it decides whether an entry is normal activity or an attack. After a number of attacks, the source IP address is blocked with the firewall.

These are the available blocking backends:

  • SSHGuard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
  • SSHGuard with IP FILTER (FreeBSD, NetBSD, Solaris)
  • SSHGuard with IPFW (FreeBSD, Mac OS X)
  • SSHGuard with netfilter/iptables (Linux)
  • SSHGuard with TCP wrappers / hosts.allow (almost any UNIX system)
9 Aug 2010

How To Set Up an OpenBSD Router – Step-by-Step Tutorial

This article is a step-by-step guide on how to set up an OpenBSD system that will act as a network router and take advantage of OpenBSD's PF packet filter.

1. OpenBSD Installation

Install OpenBSD by using this tutorial.

Now that you have OpenBSD installed, let's proceed with the next step.

2. OpenBSD Network Configuration

The network interface is configured at boot time using the /etc/hostname.if files, where "if" is replaced by the full name of your interface; for the example above, that is /etc/hostname.xl0.

The layout of this file is simple:

address_family   address   netmask   broadcast   [other options]

27 Apr 2010

SSH Security Tips – OpenSSH hardening security

In this article I'll show you some tricks to help you secure your OpenSSH service. Here you will find useful information on how to secure sshd and prevent SSH dictionary attacks.

1. SSH security by tweaking sshd_config

The OpenSSH server configuration file is located in /etc/ssh/sshd_config. You need to restart sshd after every change you make to that file in order for changes to take effect.

  • Change port number

Moving the SSH daemon off of port 22 protects you against automated attacks which assume that sshd is running on port 22.

Port 34912

  • Allow only SSH protocol 2

Only SSH protocol version 2 connections should be permitted. Version 1 of the protocol contains security vulnerabilities. The default setting shipped in the configuration file is correct, but it's important to check.

Protocol 2

16 Apr 2010

How To Set Up a FreeBSD Router – Step-by-Step Tutorial

This tutorial explains how to set up a FreeBSD system that will act as a network router that takes advantage of the ported version of OpenBSD's PF packet filter. A network router is a system that forwards packets from one interface to another.

1. FreeBSD Installation

Install FreeBSD by using this tutorial.

Now that you have FreeBSD installed, let's proceed with the next step.

2. FreeBSD Network Configuration

Open /etc/rc.conf in your favorite editor. You need to add a line for each network card present on the system; in our case we'll use two network cards:
